When Blacklists Die

Real Magnet

7 years ago

Blacklists have been popular targets for complaints and criticism for years. Senders complain they are too stringent and lack transparency. The anti-spam community howls with outrage when they’re not as aggressive as they think they should be.

One blacklist in particular, called the five-ten-sg.com block list, has been a thorn in the side of ESPs since 2001 – but not because lots of ISPs use the list to block mail. In fact, they don’t; the list generates too many false positives, and as my colleague Al Iverson demonstrated a few years ago, you’d get significantly better results by randomly blocking any mail from an IP address in which the number 7 appears.

The list operator is a guy named Carl Byington, and I’ve been reading what he has to say about spam and e-mail for years. He’s a smart, reasonable guy who’s always been honest about the nature of his list. He lists sources of bulk e-mail for a broad range of reasons, and he’s quick to agree with anyone who points out that his listing criteria are not useful for filtering decisions in a high inbound e-mail volume production environment. But it’s his list, and he can do with it what he pleases – and ISPs and other network operators are similarly free to ignore it.

ESPs, on the other hand, have been getting an earful from their customers about Fiveten for a long time.

When a sender runs into deliverability problems, they’ll often turn to web sites that offer to look up an IP address on a bazillion block lists all at once. In altogether too many instances, they discover they’re listed by Carl. They’ll fire off a few angry e-mail messages or phone calls to their poor, harried deliverability guy. It always seems to take a few days to explain why the listing is almost certainly not the root cause of their deliverability issue, and to redirect time and energy back to the real issues.

Not all lists are created equal. Some are more important than others, because ISPs find them more useful, and so they become deployed more widely. In the scheme of things, Fiveten is not that important, and a Fiveten listing has no measurable impact on deliverability.

This weekend, Fiveten went dark. On Friday, any lookup at the site yielded a response reading “blackholes.five-ten-sg.com has been retired.” As of this writing, the domain doesn’t answer at all. Carl hasn’t provided any public explanation for his decision to decommission his list, and he really doesn’t have to. No one has to pay money to use his list, and maintaining a list takes more time, energy and resources than most folks realize. I suspect Carl simply ran out of one or more.

Senders have a love-hate relationship with blacklists; they do a good job of keeping the deluge of pill spam, virus and malware messages at bay, and are an important reason why e-mail remains a viable channel for marketing and commerce. But when senders find themselves at the pointy end of a listing, they often feel as though the listing must be capricious, or even malicious.

The demise of Fiveten demonstrates that, contrary to all the complaints over the years, block lists as a category generally are not capricious. It turns out that market forces are as immutable for block lists as for any business, and block lists operators are just as answerable. Over-aggressive listings are not useful to ISPs, because they tend to generate false positives by blocking wanted mail. When a list isn’t useful anymore, ISPs stop using it, and it goes away. Just like Fiveten did.

Blacklists will continue to exist and operate much as they always have, and I predict that both senders and anti-spammers will continue to complain about them just as loudly. If either side were to stop – well, that’s when I’d start to worry whether blacklists are still doing a good job.